[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Re: "--askpass file" is evil!


  • Subject: [Openvpn-users] Re: "--askpass file" is evil!
  • From: Ray Lee <ray-openvpn@xxxxxxxxxxxxx>
  • Date: Fri, 14 Jan 2005 18:40:59 +0000 (UTC)

[Resurrecting a month-old thread, apologies]

James Yonan <jim <at> yonan.net> writes:
> I'm happy with making --enable-password-save a ./configure option.  The
> question then is how to default it.  I would tend to lean towards
> disabling it by default, as that is generally in line with the basic
> security principle of selecting by default the higher security option when
> faced with a less-security/more-security choice.

Okay, so I'm deploying OpenVPN on a network of headless, embedded machines.
What's the recommended way of doing this if the consensus is that --askpass
[file] and --auth-user-pass [file] are Evil(tm)? Is the only recourse a constant
reconfigure-recompile cycle against my distribution (Debian) reenabling the
options, or is there another (approved) way to handle headless boxes that I'm
missing?

 ~ ~

Thanks for all your hard work, everyone. OpenVPN is working quite well for us.

Ray



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users